Question
Security of httpd (url string exploit?)
Hi. Logwatch on my CentOS VPS reported the following:
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
222.73.21.47
A total of 1 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP Response 200
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
vsftpd:
Unknown Entries:
authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Administrator rhost=92.86.139.111 : 105 Time(s)
check pass; user unknown: 105 Time(s)
---------------------- pam_unix End -------------------------
Is this serious? What should I do next?
Thanks
Add a comment
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×